This is a guest post written by Carlos Andrade (aka cpvr), an internet entrepreneur and owner of VirtualPetList.com.

Hello everyone! My name is Carlos Andrade (known online as cpvr). I’ve trusted someone over the years to help me run our server (which I, as a webmaster, have run and maintained).

In June of 2009, the server administrator (the person I trusted) decided to bollix our operation. Not only did he wipe our backups, but he also broke into our email accounts, stole our domain names, and stole our hosting account. Our hosting account was maintained by ThePlanet.

After this incident, my community thought that we sold out (see VPL hacked?). As time went on, we were faced with a decision of returning or staying down. I wanted to stay down because my life was going in a wreck (got in a car accident and lost it all) and everything was piling up fast.

I didn’t want to come back because it hurt so much to lose years of hard work. Not only did this guy do it to us twice, but he thought it was funny. He claimed he was "beat down" as a little one. However, when you steal from others and you’re not good at what you do, you can slip. He eventually told us important information (such as his place of residence).

Not only did he take my community from me, he also broke into my computer the following weekend because I had some security settings open and my firewall turned off. I let him get in because I wasn’t aware of the features on my laptop since I wasn’t the one that bought it, my parents did.

So, I asked one of my fellow administrators (also, co-owner, EBK) of what I should do – and told him about what was going on. He told me to check for "remote access" via windows search. I found it and unchecked the box. I’ve also turned my firewall on, changed emails, beefed security on domain company, and also made harder passwords.

He also stole my "Google accounts," which means he was out to wipe me clean, but I fought back and supplied our users with what they were asking for (more information). If you’re a webmaster and you know what it’s like to lose years of hard work just for trusting someone, then you can relate to me.

But, of course stealing people’s information is grounds to contact the FBI, so I filed an internet complaint on IC3 and provided them with all the evidence that I had. I do not intend for cyber crime to remain an oft unpunished variety. This incident demonstrated to me on a personal level the damages which can be caused by just one man.

Although the web is still an emerging medium, crimes against digital properties deserve the same level of treatment as those against physical ones. Many of the perpetrators treat this domain as a new wild west in which they may do whatever they please without any comeuppance, but these actions deserve real life punishment. That is why I have brought in law enforcement, and hope that the perpetrator is rightfully prosecuted to the fullest extent of the law.

So, remember guys: only trust your friends because when we went down, I went to ask one of my fellow business partners (we worked on many projects before) for help and he also exposed the culprit to everyone.

You didn’t have any remote backups? That’s your fault. You improperly backed up your site. Any serious webmaster should have multiple redundant backups. My servers have been hacked / wiped before but bc I know what the word backup really means I was alwAys able to get them back up within 24 hours.

A backup should be done on a regular basis after any significant updates or content additions. Then that backup needs to be stored locally, on the live host, and remotely at atleast one other geographic location far from your hosts location. That’s the only way to be sure your data is truly recoverable.

While your admin was a dick your lack of forethought is what screwed you.

My fault? We had all backup systems implemented – he deleted them and went from there. We’re in the process of talking to our old hosting company and handling the situation. its not my fault, we weren’t available.

I agree with Andrew. You should follow the old X-files adage “Trust No One” when it comes to working with people you don’t really know. Seriously you didn’t even know were this guy lives and gave him the keys to your business? Even though you may have known him in the online realm for sometime, its not a real relationship and you can get burned quite easily.

Also whats with your quitter attitude? You got in a car accident and that made you want to give up? It seems like your lack luster work ethic is really what cost you your business.

It’s not about whether you’ve thought about quitting, it’s whether you actually DO QUIT. Anyone that’s done ANYTHING in life or business has had the thought at least once of “Is this worth it?” when the chips are down.

What makes people different is whether they let life dictate what they’re going to do or whether they dictate to life and others whatever they want to do.

Remember that courage isn’t about not feeling fear. Courage is feeling fear, looking at your fears eye-to-eye, and taking action in spite of it.

I would also call the FBI and see what they could do for you. This person that did this must have been a kid and hopefully this person never gets hired as a IT person because he can’t be trusted. Greg Ellison

For those in affiliate marketing, security is something that is often overlooked. I had some of my sites hacked awhile back and it definitely opened my eyes. Have a backup plan in place, make strong passwords, have a copy of everything offline, and be smart.

Good point, Dave. What do you recommend to others about being smart? Strong passwords = key, but firewalls are also stronger. And also not storing anything on the PC is even safer. Deletion of business-emails = also key.

Yes online security is extremely important for anyone running an internet business. There are a lot of shady people out there who will try to mess with you just to brag about it. Always ensure you are have suitable security settings on all computers you use and on your servers. I would hate to go through the headaches of having someone destroy my entire online business. I too would pursue criminal charges against someone like that.

Wow that is really unfortunate luck man. That’s why you really can’t trust people 100%, and have some sort of contract written agreement, and also always be backing things up on a personal level from time to time.

Wow, that is bad, I just put a link into my sidebar at http://hospitalera.com/ to your web site to help you out a bit. It is under “watchlist”… A back link from a PR4 site can never hurt! Have you asked your members to but up anchored back links to your site? SY

Uhm, I don’t get it. This person destroyed your business assets and you haven’t called the police?

If you know his name and where he lives, you call the cops in the city and report a crime. No difference between wiping out $X in web server assets and breaking into a retail store and stealing $X in physical goods.

I don’t think your best bet is to try to smear his name on Blogs. If he broke the law, call the cops.

However, thanks for the post. You just reminded me to get my backups done. 🙂

While the guy brings up a lot of good points about website security that we should all think about, his personal stance on the issue seems to be motivated by arrogant revenge.

I have read a few threads on his site where his own community are starting to think he is a delusional, controlling asshat with no sense of reality.

In one thread, he has an issue with a virtual pet site which charges users for extras and/or membership (I’m not sure which, but the point is, he has an issue that it charges members for something or other). His main problem is that the site then pays that money to designers/coders/developers to make the site better.

He claims that paying these people is a waste of money and that it doesn’t add anything to the site. That the money paid by users should be put back into making the site better. So basically, he doesn’t realise that it is these designers/coders/developers which actually ARE making the site better for it’s users.

Yes, that’s right. The guy that wrote this post has no idea how web design/development works and what matters to people who use the websites when they have been opened, so I have no idea how he thinks he can tell other people to run theirs.

He thinks that the only thing that can make a site better are faster servers (because that’s all money SHOULD be spent on). He thinks that web designers should do it for free (which probably shows how much he’s willing to pay himself, especially judging by the look of his site), and anyone that can afford to pay them (via fees collected by a faithful user base who actually want to pay to make the site better) should be brought down a peg or two.

And why did he start this whole diatrabe against that site paying staff anyway? Because someone on the staff declined to tell him exactly how much they earnt.

Yes, as well as not realising how web businesses work (and obviously trying to get by as cheap as possible and hating on people spending a little to make things better), he has the cheek to ask a complete stranger how much they earn, for no reason other than to let his arrogant brain know how much they earnt.

Probably much more than he. Hurts, doesn’t it, cpvr.

Yes, Tyler, you have been extremely transparent with your earnings, but even you know that most people aren’t, and I doubt you’d ask a complete stranger how much they earnt and then do a whole smear campaign against them when they don’t tell you.

But more than this lack of knowledge, almost every post comes across as arrogant, self-righteous and extremely contradictory.

I’d suggest you read this thread on his own forum before you post any more guest posts written by him again.

He is a vengeful little psycho, so right now, I’m taking this whole “He stole everything!” story with a pinch of salt. It’s probably revenge for someone else who simply didn’t help him out with his petty, arrogant requests.

Sponsors

Whoa, not so fast! Don’t just immediately close this – hear me out for a second first.

If you enjoy reading my blog and would like to stay informed of new posts, sign up to my mailing list. An automatic e-mail with links and snippets from my latest 4 posts will be sent out.

In addition, I will very occasionally (on average once or twice a year) send out an e-mail if I have something very interesting or important to say. I promise that your inbox will not be flooded with spam.